summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/changelog4
-rw-r--r--debian/openssh-server.postinst11
2 files changed, 14 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index ecbea235e..8369d2aab 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -52,6 +52,10 @@ openssh (1:5.2p1-1) UNRELEASED; urgency=low
52 non-BSD systems (closes: #154434). 52 non-BSD systems (closes: #154434).
53 * Remove/adjust manual page references to BSD-specific /etc/rc (closes: 53 * Remove/adjust manual page references to BSD-specific /etc/rc (closes:
54 #513417). 54 #513417).
55 * Refer to sshd_config(5) rather than sshd(8) in postinst-written
56 /etc/ssh/sshd_config, and add UsePAM commentary from upstream-shipped
57 configuration file (closes: #415008, although unfortunately this will
58 only be conveniently visible on new installations).
55 59
56 -- Colin Watson <cjwatson@debian.org> Thu, 12 Nov 2009 21:31:44 +0000 60 -- Colin Watson <cjwatson@debian.org> Thu, 12 Nov 2009 21:31:44 +0000
57 61
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 9dfc68a5a..557bf2b23 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -294,7 +294,7 @@ create_sshdconfig() {
294 294
295 cat <<EOF > /etc/ssh/sshd_config 295 cat <<EOF > /etc/ssh/sshd_config
296# Package generated configuration file 296# Package generated configuration file
297# See the sshd(8) manpage for details 297# See the sshd_config(5) manpage for details
298 298
299# What ports, IPs and protocols we listen for 299# What ports, IPs and protocols we listen for
300Port 22 300Port 22
@@ -369,6 +369,15 @@ AcceptEnv LANG LC_*
369 369
370Subsystem sftp /usr/lib/openssh/sftp-server 370Subsystem sftp /usr/lib/openssh/sftp-server
371 371
372# Set this to 'yes' to enable PAM authentication, account processing,
373# and session processing. If this is enabled, PAM authentication will
374# be allowed through the ChallengeResponseAuthentication and
375# PasswordAuthentication. Depending on your PAM configuration,
376# PAM authentication via ChallengeResponseAuthentication may bypass
377# the setting of "PermitRootLogin without-password".
378# If you just want the PAM account and session checks to run without
379# PAM authentication, then enable this but set PasswordAuthentication
380# and ChallengeResponseAuthentication to 'no'.
372UsePAM yes 381UsePAM yes
373EOF 382EOF
374} 383}